Remove support for SSLv2

This fixes the build with the newest OpenSSL from pkgsrc. Bump revision.

3 files changed, 45 insertions, 26 deletions

diff --git a/security/qca2-ossl/Makefile b/security/qca2-ossl/Makefile
index 10bc2dd8f63..cf78ea2a59e 100644
--- a/security/qca2-ossl/Makefile
+++ b/security/qca2-ossl/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.33 2016/03/05 11:29:25 jperkin Exp $
+# $NetBSD: Makefile,v 1.34 2016/03/29 23:04:01 khorben Exp $
 
 DISTNAME=	qca-ossl-2.0.0-beta3
 PKGNAME=	qca2-ossl-${DISTNAME:S/-beta/beta/:C/.*-//}
-PKGREVISION=	29
+PKGREVISION=	30
 CATEGORIES=	security
 MASTER_SITES=	http://delta.affinix.com/download/qca/2.0/plugins/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/security/qca2-ossl/distinfo b/security/qca2-ossl/distinfo
index a03ffce0bd8..99ec70241ec 100644
--- a/security/qca2-ossl/distinfo
+++ b/security/qca2-ossl/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.4 2015/11/04 01:18:06 agc Exp $
+$NetBSD: distinfo,v 1.5 2016/03/29 23:04:01 khorben Exp $
 
 SHA1 (qca-ossl-2.0.0-beta3.tar.bz2) = dd925e8732ff76f24f9f90f4094abaf2f0ac27bf
 RMD160 (qca-ossl-2.0.0-beta3.tar.bz2) = c979c3c3427eb45e8866e28746f83966e8bcf3c2
 SHA512 (qca-ossl-2.0.0-beta3.tar.bz2) = 17b30099c1bc8650757d71fd9e7824831b132cedc920f59832cb5a8096b90932834e05f3f77ed34e213fdadf881625710e1311ae4fcc4c0919a1684adb4525b8
 Size (qca-ossl-2.0.0-beta3.tar.bz2) = 49188 bytes
-SHA1 (patch-aa) = 56daba9dd5ea2c545c63b9971fa78941d3d6ec12
+SHA1 (patch-aa) = 186e34288e91383a3a13a5bfbde109f80d9d71e3
diff --git a/security/qca2-ossl/patches/patch-aa b/security/qca2-ossl/patches/patch-aa
index 5fd408e50c8..4d21ef6add6 100644
--- a/security/qca2-ossl/patches/patch-aa
+++ b/security/qca2-ossl/patches/patch-aa
@@ -1,6 +1,8 @@
-$NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
+$NetBSD: patch-aa,v 1.3 2016/03/29 23:04:01 khorben Exp $
 
---- qca-ossl.cpp.orig	2007-12-11 07:34:57.000000000 +0100
+Remove support for SSLv2
+
+--- qca-ossl.cpp.orig	2007-12-11 06:34:57.000000000 +0000
 +++ qca-ossl.cpp
 @@ -42,6 +42,15 @@
  #define OSSL_097
@@ -18,7 +20,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  using namespace QCA;
  
  namespace opensslQCAPlugin {
-@@ -327,7 +336,7 @@
+@@ -327,7 +336,7 @@ static X509_EXTENSION *new_subject_key_i
  	X509V3_CTX ctx;
  	X509V3_set_ctx_nodb(&ctx);
  	X509V3_set_ctx(&ctx, NULL, cert, NULL, NULL, 0);
@@ -27,7 +29,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  	return ex;
  }
  
-@@ -1182,6 +1191,7 @@
+@@ -1182,6 +1191,7 @@ public:
  	{
  		pkey = from.pkey;
  		CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
@@ -35,7 +37,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		state = Idle;
  	}
  
-@@ -1226,6 +1236,7 @@
+@@ -1226,6 +1236,7 @@ public:
  		}
  		else
  		{
@@ -43,7 +45,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  			EVP_MD_CTX_init(&mdctx);
  			if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
  				state = VerifyError;
-@@ -1771,8 +1782,10 @@
+@@ -1771,8 +1782,10 @@ public:
  			md = EVP_sha1();
  		else if(alg == EMSA3_MD5)
  			md = EVP_md5();
@@ -54,7 +56,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		else if(alg == EMSA3_RIPEMD160)
  			md = EVP_ripemd160();
  		else if(alg == EMSA3_Raw)
-@@ -1789,8 +1802,10 @@
+@@ -1789,8 +1802,10 @@ public:
  			md = EVP_sha1();
  		else if(alg == EMSA3_MD5)
  			md = EVP_md5();
@@ -65,7 +67,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		else if(alg == EMSA3_RIPEMD160)
  			md = EVP_ripemd160();
  		else if(alg == EMSA3_Raw)
-@@ -3385,9 +3400,11 @@
+@@ -3385,9 +3400,11 @@ public:
  		case NID_md5WithRSAEncryption:
  		    p.sigalgo = QCA::EMSA3_MD5;
  		    break;
@@ -77,7 +79,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		case NID_ripemd160WithRSA:
  		    p.sigalgo = QCA::EMSA3_RIPEMD160;
  		    break;
-@@ -3871,9 +3888,11 @@
+@@ -3871,9 +3888,11 @@ public:
  		case NID_md5WithRSAEncryption:
  		    p.sigalgo = QCA::EMSA3_MD5;
  		    break;
@@ -89,7 +91,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		case NID_ripemd160WithRSA:
  		    p.sigalgo = QCA::EMSA3_RIPEMD160;
  		    break;
-@@ -4061,9 +4080,11 @@
+@@ -4061,9 +4080,11 @@ public:
  		case NID_md5WithRSAEncryption:
  		    p.sigalgo = QCA::EMSA3_MD5;
  		    break;
@@ -101,7 +103,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		case NID_ripemd160WithRSA:
  		    p.sigalgo = QCA::EMSA3_RIPEMD160;
  		    break;
-@@ -5128,6 +5149,16 @@
+@@ -5128,14 +5149,21 @@ public:
  		v_eof = false;
  	}
  
@@ -118,7 +120,24 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  	virtual QStringList supportedCipherSuites(const TLS::Version &version) const
  	{
  		OpenSSL_add_ssl_algorithms();
-@@ -5692,6 +5723,14 @@
+ 		SSL_CTX *ctx = 0;
+ 		switch (version) {
+-		case TLS::SSL_v2:
+-			ctx = SSL_CTX_new(SSLv2_client_method());
+-			break;
+ 		case TLS::SSL_v3:
+ 			ctx = SSL_CTX_new(SSLv3_client_method());
+ 			break;
+@@ -5151,6 +5179,8 @@ public:
+ 		if (NULL == ctx)
+ 			return QStringList();
+ 
++		SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
++
+ 		SSL *ssl = SSL_new(ctx);
+ 		if (NULL == ssl) {
+ 			SSL_CTX_free(ctx);
+@@ -5692,6 +5722,14 @@ public:
  			}
  		}
  
@@ -133,7 +152,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		return true;
  	}
  
-@@ -6155,6 +6194,7 @@
+@@ -6155,6 +6193,7 @@ public:
  				i2d_PKCS7_bio(bo, p7);
  				//PEM_write_bio_PKCS7(bo, p7);
  				out = bio2ba(bo);
@@ -141,7 +160,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  			}
  			else
  			{
-@@ -6582,7 +6622,9 @@
+@@ -6582,7 +6621,9 @@ static QStringList all_hash_types()
  	list += "sha1";
  	list += "sha0";
  	list += "ripemd160";
@@ -151,7 +170,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  	list += "md4";
  	list += "md5";
  #ifdef SHA224_DIGEST_LENGTH
-@@ -6597,9 +6639,11 @@
+@@ -6597,9 +6638,11 @@ static QStringList all_hash_types()
  #ifdef SHA512_DIGEST_LENGTH
  	list += "sha512";
  #endif
@@ -163,7 +182,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  	return list;
  }
  
-@@ -6671,7 +6715,7 @@
+@@ -6671,7 +6714,7 @@ public:
  	{
  	}
  
@@ -172,7 +191,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  	{
  		return new opensslInfoContext(*this);
  	}
-@@ -6692,6 +6736,34 @@
+@@ -6692,6 +6735,34 @@ public:
  	}
  };
  
@@ -207,7 +226,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  }
  
  using namespace opensslQCAPlugin;
-@@ -6711,11 +6783,14 @@
+@@ -6711,11 +6782,14 @@ public:
  		OpenSSL_add_all_algorithms();
  		ERR_load_crypto_strings();
  
@@ -227,7 +246,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  
  		openssl_initted = true;
  	}
-@@ -6754,10 +6829,13 @@
+@@ -6754,10 +6828,13 @@ public:
  	QStringList features() const
  	{
  		QStringList list;
@@ -241,7 +260,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		list += "pbkdf1(sha1)";
  		list += "pbkdf2(sha1)";
  		list += "pkey";
-@@ -6780,7 +6858,9 @@
+@@ -6780,7 +6857,9 @@ public:
  	Context *createContext(const QString &type)
  	{
  		//OpenSSL_add_all_digests();
@@ -252,7 +271,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  			return new opensslInfoContext(this);
  		else if ( type == "sha1" )
  			return new opensslHashContext( EVP_sha1(), this, type);
-@@ -6788,8 +6868,10 @@
+@@ -6788,8 +6867,10 @@ public:
  			return new opensslHashContext( EVP_sha(), this, type);
  		else if ( type == "ripemd160" )
  			return new opensslHashContext( EVP_ripemd160(), this, type);
@@ -263,7 +282,7 @@ $NetBSD: patch-aa,v 1.2 2011/12/17 12:46:51 marino Exp $
  		else if ( type == "md4" )
  			return new opensslHashContext( EVP_md4(), this, type);
  		else if ( type == "md5" )
-@@ -6810,14 +6892,18 @@
+@@ -6810,14 +6891,18 @@ public:
  		else if ( type == "sha512" )
  			return new opensslHashContext( EVP_sha512(), this, type);
  #endif